“If it’s a thing, then there’s an app for it!”…We trust mobile apps to process our bank transactions, handle our private data and set us up on romantic dates. However, few of us care to wonder,”How (in)secure can these apps be?” Well… at Troopers 19, you can learn how to answer this question yourself!
In our 2 day long “Hacking mobile applications” workshop, we teach how to find security vulnerabilities in mobile apps, exploit them and defend against them. We start from scratch, therefore no prior experience in hacking or developing mobile apps is required. Whether you want to learn how to pentest mobile apps, you are an app developer that fancies to secure his/her apps, or just curios, our workshop is a jumpstart to your goal.
“This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work program 2011. It is written for developers of smartphone apps as a guide to developing secure apps. It may however also be of interest to project managers of smartphone development projects.
In writing the top 10 controls, we considered the top 10 most important risks for mobile users as described in (1) and (2). As a follow-up we are working on platform-specific guidance and code samples. We hope that these controls provide some simple rules to eliminate the most common vulnerabilities from your code.”
After having a first look at the document’s content I can, while not being a developer myself, state there’s a lot of valuable guidance in it. Which is particularly useful as our assessment experience shows that quite some things (examples to be discussed in this upcoming talk at Troopers) can go wrong as for application security on smartphones.